Rapid7 Blog

Pentest Web Servers You Didn't Know You Had


Most web application security testing tools take the approach of going deep into a single application to uncover the issues inside it. There is nothing wrong with that if you want a deep dive into one specific application, especially a major one exposed on the Web. The other approach is to find out which web servers are running on a network and whether any of them can be exploited, using quick and scalable testing. This is the approach Metasploit Pro takes.

When conducting a penetration test, especially an internal one, a web app scan with Metasploit Pro will reveal a lot of web servers you didn't know you had. In a quick scan on a sample network with 78 hosts, I found 18 hosts (nearly a quarter of the network) running a total of 34 HTTP/HTTPS services. These were servers, laptops, and VoIP devices, often exposing an administration interface and sometimes a rogue web server, either of which gives an attacker a potential way into the host. Most of these would be overlooked in a dedicated web app audit that goes deep on only one web application.

Here is how you run a web app audit on your network with Metasploit Pro:

Run a Network Discovery on the IP range of your network

Select all the hosts in the list and click on WebScan

After the WebScan is completed, select all websites in the Web Apps tab and click on Audit Web Apps

If you want to try exploitation, select all websites in the Web Apps tab and click on Exploit Web Apps. Keep in mind that exploit attempts can crash fragile embedded devices such as VoIP phones, so make sure this step is covered by your rules of engagement.
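The discovery half of that workflow, as an added example that is not Metasploit Pro code or anything from the original post: a standard-library Python sweep that checks each host for HTTP and HTTPS on a list of likely ports, records the status line and Server header of whatever answers, and counts hosts and services the way the figures above do. The port list, the "DemoAdminUI" banner and the two localhost listeners are constructed for this example so it runs offline; pointing sweep() at real hosts and ports is the same call.

```python
# Added example (not Metasploit Pro code): sweep a host list for HTTP/HTTPS
# services and report what each advertises, using only the standard library.
import socket
import ssl
import threading
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed port list (not from the post): where admin interfaces commonly hide.
COMMON_WEB_PORTS = [80, 443, 8000, 8080, 8443, 8888, 9443]

def _exchange(host, port, timeout, use_tls):
    """Send one HEAD request, optionally over TLS, and return the raw reply."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False           # discovery only: accept any cert
        ctx.verify_mode = ssl.CERT_NONE
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        reply = b""
        while b"\r\n\r\n" not in reply:      # read until the header block ends
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
        return reply

def _parse(host, port, scheme, raw):
    """Reduce a raw HTTP reply to a finding: status line plus Server header."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}
    return {"host": host, "port": port, "scheme": scheme,
            "status": lines[0], "server": headers.get("server", "")}

def probe_http(host, port, timeout=1.0):
    """Return a finding if host:port speaks HTTP or HTTPS, else None."""
    try:
        reply = _exchange(host, port, timeout, use_tls=False)
    except ConnectionRefusedError:
        return None                          # closed port: nothing to retry
    except (OSError, ssl.SSLError):
        reply = b""                          # open but reset or silent: try TLS
    if reply.startswith(b"HTTP/"):
        return _parse(host, port, "http", reply)
    try:
        reply = _exchange(host, port, timeout, use_tls=True)
    except (OSError, ssl.SSLError):
        return None                          # open, but neither HTTP nor HTTPS
    return _parse(host, port, "https", reply) if reply.startswith(b"HTTP/") else None

def sweep(hosts, ports=COMMON_WEB_PORTS, timeout=1.0, workers=32):
    """Probe every host:port pair in parallel; return the web services found."""
    targets = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda t: probe_http(t[0], t[1], timeout), targets))
    return [r for r in results if r is not None]

def summarize(findings):
    """The post's two headline figures: hosts with a web interface, and services."""
    return {"hosts_with_web": len({f["host"] for f in findings}),
            "web_services": len(findings)}

# Constructed demo listeners (hypothetical banners) so the sweep runs offline.
class _DemoAdminUI(BaseHTTPRequestHandler):
    def version_string(self):
        return "DemoAdminUI/1.0"             # becomes the Server header

    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

def start_demo_web_server():
    """HTTP listener on an ephemeral localhost port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _DemoAdminUI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def start_demo_nonweb_server():
    """Open port with an SSH-style banner: the sweep must not report it."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(8)

    def serve():
        while True:
            conn, _ = lsock.accept()
            conn.sendall(b"SSH-2.0-demo\r\n")
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return lsock, lsock.getsockname()[1]

if __name__ == "__main__":
    _, web_port = start_demo_web_server()
    _, ssh_port = start_demo_nonweb_server()
    for f in sweep(["127.0.0.1"], COMMON_WEB_PORTS + [web_port, ssh_port]):
        print(f"{f['scheme']}://{f['host']}:{f['port']}  {f['status']}  Server: {f['server']}")
```

Two design points matter for a sweep like this. Certificate checks are disabled because the goal is to find HTTPS listeners, not to trust them; anything found still needs a proper audit afterwards. And an open port that speaks neither protocol (the SSH-style demo listener) is dropped rather than reported, so the results list only services that a web app scan can actually follow up on.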
